AiTechWorlds
| Technology | Hides Your IP from... | Encrypts Traffic? | Use Case |
|---|---|---|---|
| Proxy | Destination server | No (usually) | Basic IP masking, content access |
| VPN | Destination server + ISP | Yes | Privacy, secure remote access |
| Tor | VPN provider + destination | Yes (multi-layer) | Anonymity, high-risk reporting |
| NAT | Hides private IPs from internet | No | Network architecture (not privacy) |

```
Without VPN:
Your Device → ISP → Internet → Website
(ISP sees destination, website sees your IP)

With VPN:
Your Device → Encrypted Tunnel → VPN Server → Internet → Website
(ISP sees VPN server only, website sees VPN IP, VPN provider sees everything)
```

| Protocol | Speed | Security | Port | Notes |
|---|---|---|---|---|
| WireGuard | Fastest | Very high | UDP 51820 | Modern, simple codebase |
| OpenVPN | Good | Very high | TCP 443 / UDP 1194 | Open source, most flexible |
| IKEv2/IPSec | Fast | High | UDP 500/4500 | Native in iOS/Windows |
| L2TP/IPSec | Medium | Medium | UDP 1701 | Legacy, avoid if possible |
| PPTP | Fast | BROKEN | TCP 1723 | Never use; compromised |

```
Office A ─── VPN Tunnel ─── Office B
(Both networks appear as one private network)
```
Protocols: IPSec, GRE over IPSec, WireGuard

```ini
# /etc/wireguard/wg0.conf (Server)
[Interface]
PrivateKey = SERVER_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820
# Forward tunnel traffic and NAT it out of eth0 (requires net.ipv4.ip_forward=1)
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = CLIENT_PUBLIC_KEY
# Only this tunnel address is accepted from the client
AllowedIPs = 10.0.0.2/32
```

```ini
# Client config
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = 10.0.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = server-ip:51820
AllowedIPs = 0.0.0.0/0 # Route all traffic through VPN
PersistentKeepalive = 25
```

| Proxy Type | What It Does | Transparency |
|---|---|---|
| Forward proxy | Client → Proxy → Internet | Client aware |
| Reverse proxy | Internet → Proxy → Servers | Client unaware |
| Transparent proxy | Intercepts without client config | Client unaware |
| SOCKS5 proxy | Protocol-agnostic traffic routing | Client aware |
| HTTP/HTTPS proxy | HTTP traffic only | Client aware |
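
With the Nginx reverse proxy configuration on this page, `$proxy_add_x_forwarded_for` appends the connecting address to whatever `X-Forwarded-For` value the client sent, so the backend must not trust the leftmost entry. The following is an added example, not code from the original page, of how a backend can recover the client address; the trusted-proxy list and all sample addresses are assumptions.

```python
import ipaddress

# Assumption: the only proxy in front of the app is Nginx on the same host.
TRUSTED_PROXIES = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
]


def _is_trusted(addr, trusted):
    # Membership is False when the address and network versions differ.
    return any(addr in net for net in trusted)


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address a backend should log or rate-limit on.

    peer_addr  -- address of the TCP peer (the proxy, if it relayed the request)
    xff_header -- raw X-Forwarded-For value, or None when absent
    """
    peer = ipaddress.ip_address(peer_addr)
    # A request that did not arrive from a trusted proxy carries a
    # client-controlled header: ignore it and use the peer address.
    if not _is_trusted(peer, trusted) or not xff_header:
        return str(peer)
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Walk right to left: entries appended by trusted proxies are reliable,
    # and the first untrusted address found is the real client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: nothing further left can be verified
        if not _is_trusted(addr, trusted):
            return str(addr)
    return str(peer)


if __name__ == "__main__":
    # Constructed case: the client sent a forged "10.0.0.1" and Nginx
    # appended the real connecting address after it.
    print(client_ip("127.0.0.1", "10.0.0.1, 203.0.113.7"))
```
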

```nginx
# Nginx as reverse proxy
server {
    listen 443 ssl;
    server_name app.example.com;
    ssl_certificate /etc/letsencrypt/live/app.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

```
Your Device
    │ (encrypted with 3 layers)
    ▼
Guard Node (Entry): knows your IP, not destination
    │ (decrypts outer layer)
    ▼
Middle Node: knows neither you nor destination
    │ (decrypts middle layer)
    ▼
Exit Node: knows destination, not you
    │
    ▼
Destination Website
```

| Aspect | Tor | VPN |
|---|---|---|
| Anonymity | High (no single point knows all) | Medium (VPN provider knows all) |
| Speed | Slow (3-hop routing) | Fast |
| Trust required | No single party | VPN provider |
| Cost | Free | Paid (for quality) |
| Legality | Legal in most countries | Legal in most countries |
| Use case | High-stakes anonymity | Privacy + speed |
NAT allows multiple devices on a private network to share a single public IP address.

```
Private Network                          Internet
192.168.1.10 ─┐                       ┌── 8.8.8.8 (Google DNS)
192.168.1.11 ─┼── Router (NAT) ───────┼── 1.1.1.1 (Cloudflare)
192.168.1.12 ─┘   Public IP: 1.2.3.4  └── 93.184.216.34 (example.com)
```

| Type | Description | NAT Traversal |
|---|---|---|
| Static NAT | One-to-one mapping | Easy |
| Dynamic NAT | Pool of public IPs | Harder |
| PAT / Masquerade | Many-to-one (port-based) | Hardest |
| Port Forwarding | Specific port → internal host | N/A (explicit mapping) |

```bash
# iptables port forwarding: external port 8080 → internal server 192.168.1.100:80
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.100:80
iptables -A FORWARD -p tcp -d 192.168.1.100 --dport 80 -j ACCEPT
```

| Range | Subnet | Hosts |
|---|---|---|
| 10.0.0.0/8 | 10.x.x.x | 16.7 million |
| 172.16.0.0/12 | 172.16.x.x – 172.31.x.x | 1.05 million |
| 192.168.0.0/16 | 192.168.x.x | 65,534 |

These addresses are never routed on the public internet; they only work within private networks.

Full tunnel: All traffic → VPN → Internet

Split tunnel: Corporate traffic → VPN; Personal traffic → Direct ISP

Benefits of split tunnel:
- Faster for non-corporate traffic
- Less load on VPN server
- Streaming services work without VPN IP blocks

Risk:
- Personal browsing bypasses corporate monitoring/protection
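
In WireGuard, full versus split tunnel is decided by the client's `AllowedIPs`. This added example (not code from the original page) reads a single-peer client config, reports which destinations enter the tunnel, and flags the case where `0.0.0.0/0` is set without `::/0`, which leaves IPv6 traffic outside the tunnel on a dual-stack host. The sample configs and the `192.168.50.0/24` corporate subnet are constructed.

```python
import configparser
import ipaddress

# Constructed samples modelled on the client config on this page.
FULL_TUNNEL = """
[Interface]
Address = 10.0.0.2/24
[Peer]
Endpoint = server-ip:51820
AllowedIPs = 0.0.0.0/0 # Route all traffic through VPN
"""
# Assumed corporate subnets for the split-tunnel variant.
SPLIT_TUNNEL = FULL_TUNNEL.replace("0.0.0.0/0", "10.0.0.0/24, 192.168.50.0/24")


def allowed_networks(conf_text):
    """Parse AllowedIPs from a client config with exactly one [Peer]."""
    parser = configparser.ConfigParser(
        delimiters=("=",), inline_comment_prefixes=("#",), interpolation=None
    )
    parser.read_string(conf_text)
    raw = parser["Peer"]["AllowedIPs"]
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in raw.split(",") if item.strip()]


def route_for(dest, networks):
    """Return 'tunnel' if dest matches an AllowedIPs entry, else 'direct'."""
    addr = ipaddress.ip_address(dest)
    return "tunnel" if any(addr in net for net in networks) else "direct"


def tunnel_mode(networks):
    """Return (mode, ipv6_bypasses_tunnel) for a list of AllowedIPs networks."""
    v4_all = any(n.version == 4 and n.prefixlen == 0 for n in networks)
    v6_all = any(n.version == 6 and n.prefixlen == 0 for n in networks)
    mode = "full" if v4_all else "split"
    # A "full" IPv4 tunnel with no ::/0 entry still sends IPv6 directly.
    return mode, (v4_all and not v6_all)


if __name__ == "__main__":
    for name, conf in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        nets = allowed_networks(conf)
        print(name, tunnel_mode(nets),
              {d: route_for(d, nets)
               for d in ("192.168.50.20", "93.184.216.34", "2001:db8::1")})
```
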